Inside Group Pink’s Vishing Tactics, Residential Proxy Zero-Trust, and the AI SecOps Arms Race

This week on Dragon News Bytes, Eli Woodward, Steven Campbell, and Will Baxter dive into the rapidly shifting operational landscape. From extortion groups leveraging vishing to bypass corporate perimeters from the inside out, to the industrialization of localized phishing via LLMs, the team breaks down the TTPs you need to hunt for right now. Plus, a hard look at the reality of automated vulnerability hunting and a preview of Team Cymru’s packed summer infrastructure defense tour.

‍

Topics Covered:

• The Call is Coming from Inside the House (Group Pink): Analysis of Unit 42’s latest tracking of CLCRI 1147 (Pink). The team details how this group utilizes vishing as a front door, jumps into SharePoint and OneDrive for data exfiltration, and leverages compromised internal accounts to extort victims via Microsoft Teams.
• The Residential Proxy Identity Crisis: A deep dive into the explosion of residential proxy networks—including consumer TV "super boxes" and compromised home media servers. Will Baxter breaks down why the industry must shift from viewing IP addresses as static endpoints to applying zero-trust identity principles at the network layer.
• TA4922’s Linguistic Expansion: Reviewing Proofpoint’s data on a Chinese-speaking cybercrime group expanding targeting into Europe and South Africa. The catalyst? Using LLMs to seamlessly localize payroll and tax lures, erasing historical cultural barriers to entry.
• Agentic SecOps — From Explanation to Action: A critical discussion on Anthropic’s expanded Mythos access via Project Glasswing and Google’s Big Sleep/CodeMender frameworks. The team challenges listeners on the shifting role of the human analyst: when AI handles discovery and patching, where does human accountability sit?

Events & Community:

• RISEx DC: June 11 in Washington DC, US
• RISEx New York: June 16 in New York City, US
• Underground Economy: September 7th -9th in Strasbourg, France‍
  
  • 🔗 to register: https://www.team-cymru.com/events/underground-economy-2026

Connect with Us:

‍

• Follow us on LinkedIn: https://www.linkedin.com/company/team-cymru
• Subscribe to the Dragon News Bytes feed: https://www.team-cymru.com/dnb

Disclaimer: The views expressed in this podcast are those of the hosts and do not necessarily reflect the official policy or position of our employers.

‍